Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()

Previously it used EVP_MD_type(), which doesn't work when called inside the FIPs module. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12732)
author: Matt Caswell <matt@openssl.org> 2020-08-31 14:43:15 +0100
committer: Matt Caswell <matt@openssl.org> 2020-09-03 09:40:52 +0100
commit: 13c9843cff061304275a1723bcba137280e2e97d (patch)
tree: c27b90fb30f3124c7330b6f30d004fd1f0eac171 /ssl
parent: 820d87bc98c254bb36c46891f3fe4e55bd47f2e7 (diff)
1 files changed, 7 insertions, 14 deletions
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 94492ca293..4895f43568 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -214,8 +214,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
     if (!ossl_assert(data_plus_mac_plus_padding_size < 1024 * 1024))
         return 0;
 
-    switch (EVP_MD_type(md)) {
-    case NID_md5:
+    if (EVP_MD_is_a(md, "MD5")) {
         if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_md5_final_raw;
@@ -224,32 +223,28 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
         md_size = 16;
         sslv3_pad_length = 48;
         length_is_big_endian = 0;
-        break;
-    case NID_sha1:
+    } else if (EVP_MD_is_a(md, "SHA1")) {
         if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_sha1_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
         md_size = 20;
-        break;
-    case NID_sha224:
+    } else if (EVP_MD_is_a(md, "SHA2-224")) {
         if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_sha256_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
         md_size = 224 / 8;
-        break;
-    case NID_sha256:
+     } else if (EVP_MD_is_a(md, "SHA2-256")) {
         if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_sha256_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
         md_size = 32;
-        break;
-    case NID_sha384:
+     } else if (EVP_MD_is_a(md, "SHA2-384")) {
         if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_sha512_final_raw;
@@ -258,8 +253,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
         md_size = 384 / 8;
         md_block_size = 128;
         md_length_size = 16;
-        break;
-    case NID_sha512:
+    } else if (EVP_MD_is_a(md, "SHA2-512")) {
         if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_sha512_final_raw;
@@ -268,8 +262,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
         md_size = 64;
         md_block_size = 128;
         md_length_size = 16;
-        break;
-    default:
+    } else {
         /*
          * ssl3_cbc_record_digest_supported should have been called first to
          * check that the hash function is supported.
author	Matt Caswell <matt@openssl.org>	2020-08-31 14:43:15 +0100
committer	Matt Caswell <matt@openssl.org>	2020-09-03 09:40:52 +0100
commit	13c9843cff061304275a1723bcba137280e2e97d (patch)
tree	c27b90fb30f3124c7330b6f30d004fd1f0eac171 /ssl
parent	820d87bc98c254bb36c46891f3fe4e55bd47f2e7 (diff)